In-The-Wild & Disclosed CVEs

This code execution vulnerability exists in Internet Explorer’s scripting engine and relates to the handling of objects in memory. Successful exploitation would lead to code execution in the context of the current user. This could be used in a drive-by attack but also by utilizing ActiveX within a Microsoft office document.

Other Information

On May 21, Microsoft published an advisory describing hardware vulnerabilities that involve speculative execution side channel attacks. The vulnerability “Speculative Store Bypass” (SSB) was assigned CVE-2018-3630. Today, the advisory was updated to announce support for Speculative Store Bypass Disable (SSBD) in Intel Processors.

Also on May 21, Microsoft published another advisory that Intel announced as Rogue System Registry Read (CVE-2018-4640). Successful exploitation of this advisory would allow an attacker to bypass KASLR and requires microcode/firmware updates rather than operating system updates.